Security Advisory

VMware Family March 2024 Primary Security Update Advisory

  • Mar 06 2024

Overview

 

VMware(https://www.vmware.com) has released a security update that fixes vulnerabilities in products it has been made. users of affected products are advised to update to the latest version.

 

Affected Products

 

VMware ESXi 8.0 Versions

VMware ESXi 8.0 [2] Versions

VMware ESXi 7.0 Versions

VMware Workstation 17.x Versions

VMware Fusion 13.x Version

VMware Cloud Foundation (ESXi) 5.x/4.x version

 

Resolved Vulnerabilities

 

Use-After-Free Vulnerability in XHCI USB Controllers in VMware ESXi, Workstation, and Fusion (CVE-2024-22252)

Use-After-Free Vulnerability in UHCI USB Controllers in VMware ESXi, Workstation, and Fusion (CVE-2024-22253)

Out-of-Bounds Write Vulnerability in VMware ESXi (CVE-2024-22254)

Information Disclosure Vulnerability in UHCI USB Controllers in VMware ESXi, Workstation, and Fusion (CVE-2024-22255)

 

Vulnerability Patches

 

The following product-specific vulnerability patches were made available in the 03/05/2024 update

VMware ESXi ESXi80U2sb-23305545 Version [2]

VMware ESXi ESXi80U1d-23299997 Version [3]

VMware ESXi ESXi70U3p – 23307199 Version [4]

VMware Workstation 17.5.1 Version

VMware Fusion version 13.5.1

VMware Cloud Foundation (ESXi) KB88287 Version [5]

 

Referenced Sites

 

[1] VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255)
https://www.vmware.com/security/advisories/VMSA-2024-0006.1.html
[2] VMware ESXi 8.0 Update 2b Release Notes
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-esxi-80u2b-release-notes/index.html
[3] VMware ESXi 8.0 Update 1d Release Notes
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-esxi-80u1d-release-notes/index.html
[4] VMware ESXi 7.0 Update 3p Release Notes
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3p-release-notes/index.html
[5] Applying individual product updates to VMware Cloud Foundation environments using Async Patch Tool (AP Tool) (88287)
https://kb.vmware.com/s/article/88287

Tags:

Previous Post

Next Post